Cybersecurity Incident Specialist

Bengaluru, Karnataka, India

Applications have closed


Who are we?

Whatfix is the #1 Digital Adoption Platform (DAP) for enterprises. We are disrupting the way learning, training and application support content is consumed. We provide large enterprises with a SaaS platform that accelerates product adoption and reduces support and training effort by delivering contextual, step-by-step guidance inside any web application at the exact moment a task is being performed. The product has redefined the way companies onboard, train, and support users.

What sets us apart from the rest?

With over 100 of the Fortune 500 companies already onboard as customers, Whatfix has been named among the top 20 B2B tech companies alongside the likes of Adobe, PayPal, and Cisco.

With a YoY growth of 300%, we have also been recognized among the top 50 fastest growing SaaS companies worldwide in the SaaS 1000 list and as a Market Leader by Gartner in the Digital Adoption space.

“Hustle Mode ON” is something we live by.

Position Summary:

The SOC coordinator will be the single point of contact for the SOC team and will be responsible for performing the initial review of all incidents reported by the SOC. The role also coordinates with the relevant stakeholders to track each incident to closure and escalates when response timelines are not met.

Responsibilities:

  • Coordinate with the SOC team and perform initial triage of the issue
  • Respond to cybersecurity tickets and provide analysis and trending of security log data from security devices and the various security tool portals
  • Tune rules and thresholds to improve fidelity of alerts
  • Work with the stakeholders towards integrating security events of existing and new solutions into the SIEM.
  • Provide proactive “threat hunting” to detect incidents
  • Prepare reports of analysis and results to provide briefings to management and clients
  • Provide Incident Response support when analysis confirms actionable incident
  • Investigate, document, and report on information security issues and emerging trends.
  • Run cybersecurity tabletop exercises with SOC staff and relevant stakeholder groups to identify process improvement opportunities
  • Define response protocols and mature the playbooks used for operational response to cyber threats
  • Operate autonomously to further investigate and escalate in accordance with policies, procedures and defined processes
  • Lead SOC analysts during incident response actions, advise and coordinate with leadership during active incidents
  • Contribute to the improvements to the SOC monitoring, hunting, and incident management processes.
  • Create weekly reports on technical KPI and key metric data to provide to management.
  • Provide SOC management monthly trending metrics of SOC operations.
  • Lead post-incident reviews.

Skills and Experience Required:

  • Experience as a Senior Security Analyst leading a team
  • Experience with Security Operations Center, network event analysis and/or threat analysis
  • Excellent knowledge and demonstrated experience in incident response tools, techniques and processes for effective threat containment, mitigation and remediation.
  • Good knowledge and demonstrated experience of common cybersecurity technologies such as IDS/IPS/HIPS, advanced anti-malware prevention and analysis, firewalls, proxies, MSS, etc.
  • Good knowledge of common network protocols such as TCP, UDP, DNS, DHCP, IPsec, HTTP, etc., and of network protocol analysis suites
  • Good knowledge of common enterprise technology infrastructure, platforms, middleware, databases, applications and tooling, including Windows, Linux, infrastructure management and networking hardware
  • Good knowledge and demonstrated experience in analysing and dissecting advanced attacker tactics, techniques and procedures (TTPs) in order to inform adjustments to security controls
  • Expertise in integrating cloud applications with a SIEM
  • Experience working as an incident responder in a SaaS organisation
  • Knowledge of various security methodologies and technical security solutions
  • Experience analyzing data from cybersecurity monitoring tools
  • Ability to analyze endpoint, network, and application logs
  • Experience tuning and/or configuring SIEM and vulnerability tools
  • Knowledge of common Internet protocols and applications
  • Scripting experience (Linux shell or PowerShell) preferred

Qualifications

  • Qualification required: Bachelor's or Master's degree in Computer Engineering or Information Science
  • Excellent communication (written and oral) and client relationship management skills
  • Strong experience with security platforms for analysis of incidents and events
  • Minimum experience: 6+ years managing security incidents
  • 3+ years working with security tools, covering deployment, configuration, ongoing operations and content (rule/use-case) development
  • 3+ years working within security operations capabilities (e.g. incident response, security infrastructure management or monitoring services)


We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.


Tags: Cloud DNS Firewalls IDS Incident response IPS Linux Malware Monitoring PowerShell SaaS Scripting SIEM Windows

Perks/benefits: Career development Team events

Region: Asia/Pacific
Country: India
